Hy,
I detect packet loss when I analyse GRE traffic sended by RSPAN. Is there a
default sampling parameter when configuring port mirroring ?
Test platform and scenario:
Two KVM virtual hosts (port internet2, internet3) hosted on a physical host
(port br0 and eth0). Trafic is sended through the gre interface to a remote
host. The gre trafic is sended through eth0 physical interface.
When I generate a trafic between a vm and an internet host (In my case
google server) I capture real and RSPAN trafic on eth0 interface.
Below the difference I observed when I use the "Follow tcp stream" option
in Wireshark:
GRE traffic:
GET / HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: www.google.fr
Connection: Keep-Alive
[18434 bytes missing in capture
file]function(b,a){google.xjsu=b;c(a)};google.dlj=c;})();(function(){window.google.xjsrm=[];})();if(google.y)google.y.first=[];if(!google.xjs){window._=window._||{};window._._DumpException=function(e){throw
e};if(google.timers&&google.timers.load.t){google.timers.load.t.xjsls=new
Date().getTime();}google.dljp('/xjs/_/js/k\x3dxjs.hp.en_US.snZCiI2p_3w.O/m\x3dsb_he,d/rt\x3dj/d\x3d1/t\x3dzcms/rs\x3dACT90oF4uKp_rZWz9S0tayKTr-mes6_yHg','/xjs/_/js/k\x3dxjs.hp.en_US.snZCiI2p_3w.O/m\x3dsb_he,d/rt\x3dj/d\x3d1/t\x3dzcms/rs\x3dACT90oF4uKp_rZWz9S0tayKTr-mes6_yHg');google.xjs=1;}google.pmc={"sb_he":{"agen":true,"cgen":true,"client":"heirloom-hp","dh":true,"ds":"","exp":"msedr","fl":true,"host":"
google.fr","jam":0,"jsonp":true,"lm":true,"msgs":{"cibl":"Effacer la
recherche","dym":"Essayez avec cette orthographe :","lcky":"J\u0026#39;ai
de la chance","lml":"En savoir plus","oskt":"Outils de
saisie","psrc":"Cette suggestion a bien .t. supprim.e de votre \u003Ca
href=\"/history\"\u003Ehistorique
Web\u003C/a\u003E.","psrl":"Supprimer","sbit":"Recherche par
image","srch":"Recherche
Google"},"ovr":{},"pq":"","refoq":true,"scd":10,"sce":5,"stok":"vWi5ZMd1C9pQEBycfKKELJzIU-Y"},"d":{}};google.y.first.push(function(){if(google.med){google.med('init');google.initHistory();google.med('history');}});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}
</script></div></body></html>
Real traffic :
GET / HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: www.google.fr
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 31 Jan 2015 13:21:10 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie:
PREF=ID=d56ee019dd6049f0:FF=0:TM=1422710470:LM=1422710470:S=W0c7OtXcDzNNKmwJ;
expires=Mon, 30-Jan-2017 13:21:10 GMT; path=/; domain=.google.fr
Set-Cookie:
NID=67=hSg1Ymyok0tmap2A66SXm0-m5VTuArjG3QKTtbRrnOpCAH-QnTHcGcn8ZrqLGngLvbwQ--ZqotRlYbkFNr_q7aKDuvZ0geFV0TJ0-CdBLP8bR_I3PnsWeggrQdcuuRwu;
expires=Sun, 02-Aug-2015 13:21:10 GMT; path=/; domain=.google.fr; HttpOnly
P3P: CP="This is not a P3P policy! See
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657
for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
4a21
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage";
lang="fr"><head><meta content="/images/google_favicon_128.png"
itemprop="image"><title>Google</title><script>(function(){window.google={kEI:'xtbMVNfGBdfvaI27gIAP',kEXPI:'4011559,4020347,4020560,4021587,4021598,4022545,4023677,4024600,4025280,4026109,4027921,4028063,4028128,4028335,4028508,4028588,4028706,8300111,8500393,8501019,8501081,10200083,10200793,10200904',authuser:0,kSID:'xtbMVNfGBdfvaI27gIAP'};google.kHL='fr';}
[etc ...]
Google"},"ovr":{},"pq":"","refoq":true,"scd":10,"sce":5,"stok":"vWi5ZMd1C9pQEBycfKKELJzIU-Y"},"d":{}};google.y.first.push(function(){if(google.med){google.med('init');google.initHistory();google.med('history');}});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}
</script></div></body></html>
0
Ovs configuration:
ovs-vsctl show
08e628ea-ca98-4c9c-8149-00b7319dc101
Bridge "br0"
Port "internet2"
Interface "internet2"
Port "internet3"
Interface "internet3"
Port "gre0"
Interface "gre0"
type: gre
options: {remote_ip="192.168.42.2"}
Port "eth0"
Interface "eth0"
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.3.1"
RSPAN configuration:
ovs-vsctl add-port br0 gre0 \
-- set interface gre0 type=gre options:remote_ip=192.168.42.2 \
-- --id=@p get port gre0 \
-- --id=@m create mirror name=m0 output-port=@p \
-- set bridge br0 mirrors=@m
ovs-vsctl \
-- --id=@internet0 get port internet2 \
-- --id=@internet1 get port internet3 \
-- set mirror m0 select-dst-port=@internet0,@internet1 \
-- set mirror m0 select-src-port=@internet0,@internet1
ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 2.3.1
Compiled Jan 31 2015 12:49:22
OpenFlow versions 0x1:0x1
cat /proc/version
Linux version 3.16.0-4-amd64 ([email protected]) (gcc version
4.8.3 (Debian 4.8.3-16) ) #1 SMP Debian 3.16.7-ckt2-1 (2014-12-08)
Regards,
Philippe
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
